1Password

The 1Password Matano managed log source lets you ingest your 1Password logs for item usages & sign-in attempts directly into Matano.

Usage

Use the managed log source by specifying the managed.type property in your log_source as ONEPASSWORD.

name: onepassword

managed:
  type: ONEPASSWORD
  properties:
    events_api_url: <MY_EVENTS_API_URL> # e.g. https://events.1password.com (see below)

Populate the events_api_url property according to the following table:

| If your account is on: | Your Events API URL is: |
| --- | --- |
| 1Password.com | https://events.1password.com (1Password Business), https://events.ent.1password.com (1Password Enterprise) |
| 1Password.ca | https://events.1password.ca |
| 1Password.eu | https://events.1password.eu |

For each table you would like to enable from this managed log source, create a file named <table_name>.yml under a tables/ subdirectory in your log source directory. For example:

my-matano-dir/
└── log_sources/
    └── onepassword/
        └── log_source.yml
        └── tables/
            └── item_usages.yml
            └── signin_attempts.yml

For a complete reference on configuring log sources, including extending the table schema, see Log source configuration.

Tables

The 1Password managed log source supports the following tables:

  • item_usages
  • signin_attempts

Ingest

Pull (default)

Matano integrates with your 1Password account to automatically pull relevant logs on a regular basis (every 1 min).

To get started with the integration, specify the following properties in the log source configuration file:

managed:
  type: ONEPASSWORD
  properties:
    events_api_url: <MY_EVENTS_API_URL> # e.g. https://events.ent.1password.com (see above)

After the first deployment, this log source will also generate a secret in AWS Secrets Manager to store secrets related to this integration.

Secret

To finish onboarding the log source, populate the api_token field in the secret generated by Matano in AWS Secrets Manager with the value of an API token created on the Integrations page of your 1Password Admin console.
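A pre-deploy check for the layout and properties described above, as an added example that is not part of the Matano documentation or code base. The function name and the line-based parsing (instead of a YAML parser) are choices made for this example; the allowed URLs and table names are the ones listed on this page.

```shell
#!/bin/sh
# Added example: lint a Matano 1Password log source directory before deploying.

# Events API URLs listed in the table on this page.
ALLOWED_URLS="https://events.1password.com
https://events.ent.1password.com
https://events.1password.ca
https://events.1password.eu"

# Tables this managed log source supports, per this page.
ALLOWED_TABLES="item_usages signin_attempts"

# lint_onepassword_source DIR: prints findings, returns the number of findings.
lint_onepassword_source() {
    dir=$1
    cfg="$dir/log_source.yml"
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    [ -f "$cfg" ] || { fail "missing $cfg"; return "$findings"; }

    grep -Eq '^[[:space:]]+type:[[:space:]]*"?ONEPASSWORD"?[[:space:]]*$' "$cfg" ||
        fail "managed.type is not ONEPASSWORD"

    # Extract the events_api_url value, dropping quotes and any trailing comment.
    url=$(sed -n 's/^[[:space:]]*events_api_url:[[:space:]]*"\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$cfg")
    echo "$ALLOWED_URLS" | grep -Fxq -- "$url" ||
        fail "events_api_url '$url' is not a documented 1Password Events API URL"

    # Only supported tables may be enabled, and at least one must be.
    enabled=0
    for f in "$dir"/tables/*.yml; do
        [ -e "$f" ] || continue
        t=$(basename "$f" .yml)
        case " $ALLOWED_TABLES " in
            *" $t "*) enabled=$((enabled + 1)) ;;
            *) fail "unsupported table file: $f" ;;
        esac
    done
    [ "$enabled" -gt 0 ] || fail "no tables enabled under $dir/tables/"

    # The API token belongs in the Secrets Manager secret, not in the config tree.
    if grep -rEq '^[[:space:]]*api_token[[:space:]]*:' "$dir"; then
        fail "api_token found in config files; keep it only in AWS Secrets Manager"
    fi
    return "$findings"
}
```

Run it as `lint_onepassword_source my-matano-dir/log_sources/onepassword`; a non-zero return value is the number of findings.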

Schema

1Password log data is normalized to ECS fields. Custom fields are normalized into the onepassword field. You can view the complete mapping to see the full schema.